Bug #2876
closedsegfault with fastcgi app
Description
1.4.45 works fine
1.4.49 and some earlier version segfaults
Using lighttpd with fastcgi app
end of strace
[pid 5341] close(8) = 0 [pid 5341] write(6, "2018-03-15 19:45:15: (server.c.1423) server started (lighttpd/1.4.49 (PLD Linux)) \n", 83) = 83 [pid 5341] stat("/usr/sbin/rt-server.fcgi", {st_mode=S_IFREG|0755, st_size=5449, ...}) = 0 [pid 5341] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5335] <... read resumed> "", 1) = 0 [pid 5341] +++ killed by SIGSEGV +++ close(6) = 0 write(2, "daemonized server failed to start; check error log for details\n", 63daemonized server failed to start; check error log for details ) = 63 exit_group(-1) = ? +++ exited with 255 +++
Files
Updated by gstrauss almost 7 years ago
- Category set to core
- Target version changed from 1.4.x to 1.4.50
Thank you for the info. It's clear that the error is a NULL pointer dereference, since 'host' has not been set in the fastcgi.server definition. Would you please share the fastcgi.server config from your lighttpd config?
Updated by gstrauss almost 7 years ago
If 'host' is not specified, what behavior are you expecting? Listen on "localhost" 127.0.0.1? Listen on "::1" Listen on "0.0.0.0"? Listen on "::" ? other?
Updated by gstrauss almost 7 years ago
A quick look at commit 18363092 looks like localhost 127.0.0.1 was the default if 'host' was not provided.
Updated by gstrauss almost 7 years ago
- Status changed from New to Patch Pending
Workaround is to set "host" => "localhost"
in the fastcgi.server config (or "host" => "127.0.0.1"
)
Next release of lighttpd will have this:
--- a/src/gw_backend.c +++ b/src/gw_backend.c @@ -1399,8 +1399,12 @@ int gw_set_defaults_backend(server *srv, gw_plugin_data *p, data_unset *du, size host->port = 80; } - host->family = (!buffer_string_is_empty(host->host) - && NULL != strchr(host->host->ptr, ':')) + if (buffer_string_is_empty(host->host)) { + buffer_copy_string_len(host->host, + CONST_STR_LEN("127.0.0.1")); + } + + host->family = (NULL != strchr(host->host->ptr, ':')) ? AF_INET6 : AF_INET; }
Updated by arekm almost 7 years ago
Indeed, no host.
fastcgi.server = ( "/" => ( "rt" => ( "port" => "9000", "bin-path" => "/usr/sbin/rt-server.fcgi", "check-local" => "disable", "disable-time" => 0, "min-procs" => 2, "max-procs" => 20, "fix-root-scriptname" => "enable", ) ) ) }
Adding host like that:
fastcgi.server = ( "/" => ( "rt" => ( "host" => "127.0.0.1", "port" => "9000", "bin-path" => "/usr/sbin/rt-server.fcgi", "check-local" => "disable", "disable-time" => 0, "min-procs" => 2, "max-procs" => 20, "fix-root-scriptname" => "enable", ) ) ) }
doesn't seem to fix it, still segfaults. valgrind/gdb info in 1-2 days, can't play with it at this moment.
Updated by gstrauss almost 7 years ago
Taking the examples you gave, I can reproduce the crash.
If I add "host" => "127.0.0.1", the crash no longer occurs.
If I use the patch I provided above, the crash no longer occurs.
Please check that you have updated the config, are using that config, have restarted lighttpd, and are hitting that instance of lighttpd with your test request.
Updated by gstrauss almost 7 years ago
- Status changed from Patch Pending to Fixed
- % Done changed from 0 to 100
Applied in changeset e21906b3b41cda3cefebcc8b96ae6ad08549e504.
Updated by arekm almost 7 years ago
Patch fixes it for me.
Had one more fastcgi section (without host) which caused segfault.
Also available in: Atom